* ensures the server certificate doesn't change. Normally this isn't detected
* if a trusted CA for the new server certificate is installed.
*
- * Copyright (C) 2011-2013 Simon Ruderich
+ * Copyright (C) 2011-2014 Simon Ruderich
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
#include <arpa/inet.h>
#include <assert.h>
#include <errno.h>
+#include <limits.h>
+#include <netinet/in.h>
#include <pthread.h>
#include <signal.h>
+#include <stdint.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
-#include <unistd.h>
-#include <limits.h>
#if GNUTLS_VERSION_NUMBER <= 0x020b00
/* Necessary for GnuTLS when used with threads. */
}
#ifdef USE_IPV4_ONLY
- server_socket = socket(PF_INET, SOCK_STREAM, 0);
+ server_socket = socket(AF_INET, SOCK_STREAM, 0);
#else
- server_socket = socket(PF_INET6, SOCK_STREAM, 0);
+ server_socket = socket(AF_INET6, SOCK_STREAM, 0);
#endif
if (server_socket < 0) {
perror("socket()");
if (global_log_level >= LOG_DEBUG1_LEVEL) {
printf("tlsproxy %s\n", VERSION);
printf("Listening for connections on port %d.\n", port);
+ printf("Priority string: %s.\n", PROXY_TLS_PRIORITIES);
if (global_proxy_host != NULL && global_proxy_port != NULL) {
printf("Using proxy: %s:%s.\n", global_proxy_host,
memcpy(global_proxy_host, optarg, (size_t)(position - optarg));
global_proxy_host[position - optarg] = '\0';
- global_proxy_port = malloc(strlen(position + 1) + 1);
+ global_proxy_host = strdup(position + 1);
if (global_proxy_port == NULL) {
- perror("malloc()");
+ perror("strdup()");
exit(EXIT_FAILURE);
}
- strcpy(global_proxy_port, position + 1);
break;
}
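Review bot: The added line `global_proxy_host = strdup(position + 1);` assigns the port text to the host pointer, while the NULL check right after it still tests `global_proxy_port`. As written, the host buffer just filled by the `memcpy` above is overwritten and leaked, and `global_proxy_port` is never set by this branch. If it is still NULL at this point (its initial value is not visible here), the option parser exits with a misleading `strdup()` error, since `errno` may not reflect any failure. The line should read `global_proxy_port = strdup(position + 1);`. The enclosing option-handling block starts outside this hunk, so how the host buffer was allocated could not be checked.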
#endif
/* Setup GnuTLS cipher suites. */
- result = gnutls_priority_init(&global_tls_priority_cache, "NORMAL", NULL);
+ result = gnutls_priority_init(&global_tls_priority_cache,
+ PROXY_TLS_PRIORITIES, NULL);
GNUTLS_ERROR_EXIT(result, "gnutls_priority_init()");
/* Read Diffie-Hellman parameters. */
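Review bot: The third argument of `gnutls_priority_init()` is still `NULL`, although the priority string is now the build-time macro `PROXY_TLS_PRIORITIES` rather than the fixed "NORMAL". If the macro holds a malformed string, the failure presumably goes through `GNUTLS_ERROR_EXIT` without naming the rejected token. Passing a `const char *err_pos` and printing it on error would make a bad build configuration diagnosable. A comment here should also state that this string selects the protocol versions and cipher suites for sessions using `global_tls_priority_cache`, so loosening the macro loosens those connections. The macro's definition and default value are not visible in this hunk.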